"Paul Williams [MVP]" wrote:

> It is possible to set a user object so that they don't require a password,
> regardless of domain complexity requirements.  I can't remember the
> attribute, or bit, but it is easy to do with NET:
>  -- http://www.msresource.net/content/view/21/48/
>
>
> How are you creating the user in VBS?  Can you post the code?
>
> --
> Paul Williams
> Microsoft MVP - Windows Server - Directory Services
> http://www.msresource.net | http://forums.msresource.net
>
>
>

"Paul Williams [MVP]" wrote:

> Sorry, OE converted the statement:
>
> objUser.setPassword"<password>" into an e-mail as I used a semi-complex
> password as an example.  Note you must encapsulate in quotes, or pass a
> string variant.
>
> --
> Paul Williams
> Microsoft MVP - Windows Server - Directory Services
> http://www.msresource.net | http://forums.msresource.net
>
>
>

> 544 - 512 = 32
>
> 512 = normal user
> 32 = password not required
>
>
> Don't set the userAccountControl attribute to include the PASSWD_NOTREQD
> bit.
>
> Use something like this:
>
> Set objOU = GetObject("LDAP://ou=Users,dc=domain,dc=fr")
> Set objUser = objOU.Create("User", "cn=AA112")
> objUser.Put "sAMAccountName", "AA112"
> objUser.Put "givenName", "Anicet"
> objUser.Put "sn", "Aseplier"
> objUser.SetInfo
> objUser.setPasswordaC0mpl3xP@55w0rd~!
> objUser.accountDisabled=false
> objUser.setInfo
>
>
> Basically, the first setInfo sets the account as disabled (514 = normal
> (512) + disabled (2)).  You then set a password, and then set as enabled.
>

"Paul Williams [MVP]" <ptw2***@hotmail.com> wrote in message
news:uBnaEp0SGHA.4340@tk2msftngp13.phx.gbl...
> How come we can't set the password with the other attributes and have to
> perform two setInfo's?  Do you know what the limitation actually is?
>
> I imagine that this isn't the case in other languages?
>
> --
> Paul Williams
> Microsoft MVP - Windows Server - Directory Services
> http://www.msresource.net | http://forums.msresource.net
>
>

> It is really a limitation of how ADSI works.  SetPassword will only work on
> an object that already exists in the directory.  ADSI also doesn't provide a
> mechanism where you can set unicodePwd correctly during object creation.  As
> such, you often end up with a three step process:
>  - Create account
>  - Set password
>  - Enable account
>
> If you use a lower level API (LDAP C, .NET S.DS.Protocols, LDIF), you can do
> the whole thing at once, even if there is a password policy in place.  For
> most of us, the extra effort isn't worth the perf increase.  If I needed to
> fill a DC or ADAM instance with thousands of accounts with passwords and
> enabled status at high speed, I might write the .NET code or perhaps the
> LDIF file to do it.  There is very little chance you'd get me to write the C
> code these days.  :)  Joe Richards on the other hand...
>
> Joe K.
>
> "Paul Williams [MVP]" <ptw2***@hotmail.com> wrote in message
> news:uBnaEp0SGHA.4340@tk2msftngp13.phx.gbl...
>> How come we can't set the password with the other attributes and have to
>> perform two setInfo's?  Do you know what the limitation actually is?
>>
>> I imagine that this isn't the case in other languages?
>>
>> --
>> Paul Williams
>> Microsoft MVP - Windows Server - Directory Services
>> http://www.msresource.net | http://forums.msresource.net
>>
>>
>
>

"Paul Williams [MVP]" <ptw2***@hotmail.com> wrote in message
news:Olk3Co$SGHA.792@TK2MSFTNGP10.phx.gbl...
> Ah well...
>
> Looks like I'm going to have to learn either .NET or C.  I've briefly
> played
> with .NET.  It's been a while since I played with C (and I mean played -
> lame little apps like hello world, etc).
>
> I think I'll have to buy Joe (Ks) book and take it from there.  If I can
> do
> that, maybe C can follow later.  I know I'm bored with VBScript now, and
> don't fancy Perl...
>
> --
> Paul Williams
> Microsoft MVP - Windows Server - Directory Services
> http://www.msresource.net | http://forums.msresource.net
>
>

> If you come to DEC, check out my talk (last day, last session).  It is all
> about this kind of stuff.
>
> We are also going to talk about Monad in the context of writing DS code that
> uses .NET in a scripting context.  You might be interested.
>
> Joe K.
>
> "Paul Williams [MVP]" <ptw2***@hotmail.com> wrote in message
> news:Olk3Co$SGHA.792@TK2MSFTNGP10.phx.gbl...
>> Ah well...
>>
>> Looks like I'm going to have to learn either .NET or C.  I've briefly
>> played
>> with .NET.  It's been a while since I played with C (and I mean played -
>> lame little apps like hello world, etc).
>>
>> I think I'll have to buy Joe (Ks) book and take it from there.  If I can
>> do
>> that, maybe C can follow later.  I know I'm bored with VBScript now, and
>> don't fancy Perl...
>>
>> --
>> Paul Williams
>> Microsoft MVP - Windows Server - Directory Services
>> http://www.msresource.net | http://forums.msresource.net
>>
>>
>
>

"Joe Richards [MVP]" <humorexpr***@hotmail.com> wrote in message
news:eYDeaWkTGHA.1672@tk2msftngp13.phx.gbl...
> Damn that was the time slot Dean and I wanted so we could have fun
> recapping the entire conference in a fun way. Instead we got slapped into
> early Monday afternoon or so.
>
>
> --
> Joe Richards Microsoft MVP Windows Server Directory Services
> Author of O'Reilly Active Directory Third Edition
> www.joeware.net
>
>
> ---O'Reilly Active Directory Third Edition now available---
>
>         http://www.joeware.net/win/ad3e.htm
>
>
>